Virus Name  : W95/Babylonia

Virus type    : File Infector, E-mail worm

Threat level : Low

Virus details :

                     W95/Babylonia is a polymorphic virus. When executed, the virus infects .EXE and .HLP files. The virus creates a file called KERNEL32.EXE, 4096 bytes in size, which monitors system activity for an Internet connection. When it detects an Internet connection, it attempts to connect to a Web site hosted by a virus authoring group, and if successful, it downloads additional components of the complete virus to the host PC.

                     The system registry is modified to load this file at system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KERNEL32.EXE="KERNEL32.EXE". The KERNEL32.EXE process uses WSOCK32.DLL, WININET.DLL, SHLWAPI.DLL, USER32.DLL, GDI32.DLL, ADVAPI32.DLL and KERNEL32.DLL to monitor the Internet connection.

                     Once an Internet connection is made, the virus attempts to connect to a website hosted in Japan and maintained by a virus authoring group to download 'components' of the virus. The components are listed in a file named "virus.txt"; the names on the list are then used to download the other named files to the local system. When all files are downloaded, the virus uses them to spread further. Right now, virus.txt lists the following components: DROPPER.DAT, GREETZ.DAT, IRCWORM.DAT and POLL.DAT.

                     If mIRC is installed on your machine, the virus modifies script.ini to automatically send itself as the file "2KBug-MircFix.exe" when connecting to IRC channels on the Internet. The virus uses Wsock32.dll to send an email notification to the email address " within one of the downloaded components suggests that the virus monitors the system clock waiting for the right time to modify the AUTOEXEC.BAT with the following text:

echo W95/Babylonia by Vecna (c) 1999
echo Greetz to RoadKil and VirusBuster
echo Big thankz to sok4ever webmaster
echo Abracos pra galera brazuca!!!
echo ---
echo Eu boto fogo na Babilonia!
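
The indicators described above (the Run key value, the 4096-byte KERNEL32.EXE file, the mIRC script.ini reference and the AUTOEXEC.BAT text) can be checked together. The following Python triage check is an added example, not part of the original write-up or of Solo's product; the function names, the sample paths and all sample inputs are constructed for illustration.

```python
import re

# Indicators named in the write-up above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
DROPPED_NAME, DROPPED_SIZE = "KERNEL32.EXE", 4096
IRC_LURE = "2KBug-MircFix.exe"
AUTOEXEC_MARKER = "W95/Babylonia by Vecna"

# Constructed sample artifacts (not captured from a real system).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"KERNEL32.EXE"="KERNEL32.EXE"
'''
SAMPLE_LISTING = [(r"C:\WINDOWS\SYSTEM\KERNEL32.DLL", 471040),
                  (r"C:\WINDOWS\SYSTEM\KERNEL32.EXE", 4096)]
SAMPLE_SCRIPT_INI = "[script]\nn0=; constructed line naming 2KBug-MircFix.exe\n"
SAMPLE_AUTOEXEC = "@ECHO OFF\necho W95/Babylonia by Vecna (c) 1999\n"

def run_key_hit(reg_export):
    """True if a .reg export holds a KERNEL32.EXE value under the Run key."""
    section = ""
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == RUN_KEY.lower():
            m = re.match(r'"([^"]+)"\s*=', line)
            if m and m.group(1).upper() == DROPPED_NAME:
                return True
    return False

def dropped_file_hit(listing):
    """listing: (path, size) pairs; match on file name and the 4096-byte size."""
    for path, size in listing:
        name = path.replace("\\", "/").rsplit("/", 1)[-1].upper()
        if name == DROPPED_NAME and size == DROPPED_SIZE:
            return True
    return False

def triage(reg_export, listing, script_ini, autoexec):
    """Return the names of the indicators found, in a fixed order."""
    checks = [("run-key", run_key_hit(reg_export)),
              ("dropped-file", dropped_file_hit(listing)),
              ("mirc-script", IRC_LURE.lower() in script_ini.lower()),
              ("autoexec", AUTOEXEC_MARKER.lower() in autoexec.lower())]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_LISTING, SAMPLE_SCRIPT_INI, SAMPLE_AUTOEXEC))
```

The legitimate system file is KERNEL32.DLL, so the check matches only the .EXE name, and a KERNEL32.EXE of a different size is not reported as the dropped file.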

How can I protect my system?

                   Solo has incorporated Babylonia in its signature file to protect users from this virus attack. Registered Solo Antivirus users are already protected from this virus. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.

How to remove Win32/Babylonia virus?

                   If you are already infected with this virus, you can remove it from your computer using Solo Antivirus software. Solo Antivirus can detect and remove the Babylonia virus safely. Use the following link to download the 30-day trial version of Solo Antivirus to remove viruses from your computer.

                   Solo Antivirus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.

